{"id":17383764,"url":"https://github.com/lbirchler/sys-call","last_synced_at":"2025-03-27T21:14:59.289Z","repository":{"id":182411418,"uuid":"655516225","full_name":"lbirchler/sys-call","owner":"lbirchler","description":"Linux syscall implementations, calling conventions, and shellcode examples","archived":false,"fork":false,"pushed_at":"2023-06-19T22:24:44.000Z","size":272,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-01T23:36:05.066Z","etag":null,"topics":["assembly","cli","exploit","linux","shellcode","syscalls"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lbirchler.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-19T04:11:33.000Z","updated_at":"2024-09-07T09:04:11.000Z","dependencies_parsed_at":"2023-07-19T22:22:53.105Z","dependency_job_id":"a0915617-6a30-4ecc-a195-c380f6c13b37","html_url":"https://github.com/lbirchler/sys-call","commit_stats":null,"previous_names":["lbirchler/sys-call"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbirchler%2Fsys-call","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbirchler%2Fsys-call/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbirchler%2Fsys-call/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbirchler%2Fsys-call/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lbirchler","download_url":"https://codeload.github.com/lbirchler/sys-call/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245924515,"owners_count":20694730,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","cli","exploit","linux","shellcode","syscalls"],"created_at":"2024-10-16T07:43:42.567Z","updated_at":"2025-03-27T21:14:59.264Z","avatar_url":"https://github.com/lbirchler.png","language":"Python","readme":"# sys-call\n\nCLI tool to display Linux syscall implementations, calling conventions, and shellcode examples.\n\nSupported Architectures: \n- arm\n- arm64\n- x86\n- x64\n\nData Sources:\n- Syscall implementations and calling conventions: [syscall.sh](https://syscall.sh) \n- Shellcode Examples: [shell-storm](http://shell-storm.org/shellcode/index.html)\n\n## Install\n```\npip install sys-call\n```\n\n## Usage \n```\nusage: sys-call [-h] [-a {arm,arm64,x64,x86}] {shellcode,info} ...\n\npositional arguments:\n {shellcode,info} commands\n\noptions:\n -h, --help show this help message and exit\n -a {arm,arm64,x64,x86}, --arch {arm,arm64,x64,x86}\n defaults to x64\n```\n\n### `sys-call info`\n```\nusage: sys-call info [-h] [--update] [syscall ...]\n\npositional arguments:\n syscall syscall name(s)\n\noptions:\n -h, --help show this help message and exit\n --update Update syscall database\n```\n\n**Examples**\n\nFor single syscall:\n```\n$ sys-call info execve\n x64 Syscalls \n┏━━━━┳━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓\n┃ nr ┃ name ┃ return rax ┃ arg0 rdi ┃ arg1 rsi ┃ arg2 rdx ┃ arg3 r10 ┃ arg4 r8 ┃ arg5 r9 ┃\n┡━━━━╇━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩\n│ 59 │ execve │ 0x3b │ const char *filename │ const char *const *argv │ const char *const *envp │ │ │ │\n└────┴────────┴─────────────┴──────────────────────┴─────────────────────────┴─────────────────────────┴─────────────┴────────────┴────────────┘\n```\n\nFor multiple syscalls:\n```\n$ sys-call info open read write\n x64 Syscalls \n┏━━━━┳━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓\n┃ nr ┃ name ┃ return rax ┃ arg0 rdi ┃ arg1 rsi ┃ arg2 rdx ┃ arg3 r10 ┃ arg4 r8 ┃ arg5 r9 ┃\n┡━━━━╇━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩\n│ 2 │ open │ 0x02 │ const char *filename │ int flags │ umode_t mode │ │ │ │\n│ 0 │ read │ 0x00 │ unsigned int fd │ char *buf │ size_t count │ │ │ │\n│ 1 │ write │ 0x01 │ unsigned int fd │ const char *buf │ size_t count │ │ │ │\n└────┴───────┴─────────────┴──────────────────────┴─────────────────┴──────────────┴─────────────┴────────────┴────────────┘\n```\n\nFor all syscalls:\n```\n$ sys-call info \n x64 Syscalls \n┏━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┓\n┃ nr ┃ name ┃ return rax ┃ arg0 rdi ┃ arg1 rsi ┃ arg2 rdx ┃ arg3 r10 ┃ arg4 r8 ┃ arg5 r9 ┃\n┡━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━┩\n│ 67 │ shmdt │ 0x43 │ char *shmaddr │ │ │ │ │ │\n│ 112 │ setsid │ 0x70 │ │ │ │ │ │ │\n│ 68 │ msgget │ 0x44 │ key_t key │ int msgflg │ │ │ │ │\n│ 0 │ read │ 0x00 │ unsigned int │ char *buf │ size_t count │ │ │ │\n│ │ │ │ fd │ │ │ │ │ │\n│ 1 │ write │ 0x01 │ unsigned int │ const char │ size_t count │ │ │ │\n│ │ │ │ fd │ *buf │ │ │ │ │\n...\n```\n\nUpdate sys-call database:\n```\n$ sys-call info --update\n[+] Updated x64 syscalls\n[+] Updated arm64 syscalls\n[+] Updated arm syscalls\n[+] Updated x86 syscalls\n[+] Saved syscall db to: ./syscalldb.json\n```\n\n### `sys-call shellcode`\n```\nusage: sys-call shellcode [-h] [--get GET] [syscall ...]\n\npositional arguments:\n syscall syscall name(s)\n\noptions:\n -h, --help show this help message and exit\n --get GET download shell-storm example; specify id\n```\n\n**Examples**\n\nSearch for execve shellcode examples:\n```\n$ sys-call shellcode execve\n x64 Shellcode \n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┓\n┃ author ┃ platform ┃ desc ┃ id ┃\n┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━┩\n│ ZadYree, vaelio and DaShrooms │ Linux/x86-64 │ execveat(\"/bin//sh\") - 29 bytes │ 905 │\n│ 10n1z3d │ Linux/x86-64 │ execve(/sbin/iptables, [/sbin/iptables, -F], NULL) - 49 bytes │ 683 │\n│ egeektronic │ Linux/x86-64 │ setreuid(0,0) execve(/bin/ash,NULL,NULL) + XOR - 85 bytes │ 815 │\n│ egeektronic │ Linux/x86-64 │ setreuid(0,0) execve(/bin/csh, [/bin/csh, NULL]) + XOR - 87 bytes │ 816 │\n│ egeektronic │ Linux/x86-64 │ setreuid(0,0) execve(/bin/ksh, [/bin/ksh, NULL]) + XOR - 87 bytes │ 817 │\n│ egeektronic │ Linux/x86-64 │ setreuid(0,0) execve(/bin/zsh, [/bin/zsh, NULL]) + XOR - 87 bytes │ 818 │\n│ evil.xi4oyu │ Linux/x86-64 │ setuid(0) + execve(/bin/sh) 49 bytes │ 77 │\n│ hophet │ Linux/x86-64 │ execve(/bin/sh, [/bin/sh], NULL) - 33 bytes │ 76 │\n│ zbt │ Linux/x86-64 │ execve(/bin/sh); - 30 bytes │ 603 │\n└───────────────────────────────┴──────────────┴───────────────────────────────────────────────────────────────────┴─────┘\n```\n\nDownload shellcode example: \n```\n$ sys-call shellcode --get 76\n\n# [Linux/X86-64]\n# Dummy for shellcode:\n# execve(\"/bin/sh\", [\"/bin/sh\"], NULL)\n# hophet [at] gmail.com\n\n.text\n\t.globl _start\n_start:\n\t\n\txorq\t%rdx, %rdx\n\tmovq\t$0x68732f6e69622fff,%rbx\n\tshr\t$0x8, %rbx\n\tpush\t%rbx\n\tmovq\t%rsp,%rdi\n\txorq\t%rax,%rax\n\tpushq\t%rax\n\tpushq\t%rdi\n\tmovq\t%rsp,%rsi\n\tmov\t$0x3b,%al\t# execve(3b)\n\tsyscall\n\n\tpushq\t$0x1\n\tpop\t%rdi\n\tpushq\t$0x3c\t\t# exit(3c)\n\tpop\t%rax\n\tsyscall\n\n```\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flbirchler%2Fsys-call","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flbirchler%2Fsys-call","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flbirchler%2Fsys-call/lists"}